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(57) Abstract: A system for preventing intrusion in communication traffic with a set (130) of machines in a netwoik includes a 
data base (415) having stored therein patterns representative of forbidden communication entities as well a firewall module (412a) 
configured for blocking forbidden communication entities in the traffic as identified by respective patterns included in the data base 
(415). The system further includes another data base (416) having stored therein patterns representative of allowed communication 
entities for conununication with said set of machines (130) and a test system (420) including test facilities (421) replicating the 
machines in said set (130). A communication module (410) is provided configured for allowing (41 lb) communication of allowed 
communication entities as identified by respective patterns included in the other data base (416). Unknown conununication entities 
as identified by respective unknown patterns not included in either of said data base (415) and said further data base (416) are di- 
rected (41 Id) to the test system (420) and run on the test facilities (421) therein to detect possible adverse efifects of such unknown 
conununication entities on the test system. The system is further configured so that: i) in the presence of an adverse effect, the 
unknown communication entity leading to the adverse effect is blocked by the firewall module (412a), and ii) in the absence of an 
adverse effect, conununication of the unknown communication entity failing to lead to said adverse effect is allowed. 
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